Ce contenu n'est pas disponible dans la langue sélectionnée.

7.6. SSSD Client-side Views


SSSD enables you to create a client-side view to specify new values for POSIX user or group attributes. The view takes effect only on the local machine where the overrides are configured. You can configure client-side overrides for all id_provider values, except ipa. If you are using the ipa provider, define ID views centrally in IdM. See the corresponding section in the Linux Domain Identity, Authentication, and Policy Guide.
For more information, see the Potential Negative Impact on SSSD Performance section in the Linux Domain Identity, Authentication, and Policy Guide.

Note

After creating the first override using the sss_override user-add, sss_override group-add, or sss_override user-import command, restart SSSD for the changes to take effect:
# systemctl restart sssd

7.6.1. Defining a Different Attribute Value for a User Account

As an administrator, you configured an existing host to use accounts from LDAP. However, a user's new ID in LDAP is different from the user's previous ID on the local system. You can configure a client-side view to override the UID instead of changing the permissions on existing files.
To override the UID of the user account with UID 6666:
  1. Optional. Display the current UID of the user account:
    # id user
    uid=1241400014(user_name) gid=1241400014(user_name) Groups=1241400014(user_name)
  2. Override the account's UID with 6666:
    # sss_override user-add user -u 6666
  3. Wait until the in-memory cache has been expired. To expire it manually:
    # sss_cache --users
  4. Verify that the new UID is applied:
    # id user
    uid=6666(user_name) gid=1241400014(user_name) Groups=1241400014(user_name)
  5. Optional. Display the overrides for the user:
    # sss_override user-show user
    user@ldap.example.com::6666:::::
For a list of attributes you can override, list the command-line options by adding --help to the command:
# sss_override user-add --help

7.6.2. Listing All Overrides on a Host

As an administrator, you want to list all user and group overrides on a host to verify that the correct attributes are overridden.
To list all user overrides:
# sss_override user-find
user1@ldap.example.com::8000::::/bin/zsh:
user2@ldap.example.com::8001::::/bin/bash:
...
To list all group overrides:
# sss_override group-find
group1@ldap.example.com::7000
group2@ldap.example.com::7001
...

7.6.3. Removing a Local Override

You previously created an override for the shell of the user account, that is defined in the global LDAP directory. To remove the override for the account, run:
# sss_override user-del user
The changes take effect immediately.
To remove an override for a group, run:
# sss_override group-del group

Note

When you remove overrides for a user or group, all overrides for this object are removed.

7.6.4. Exporting and Importing Local Views

Client-side views are stored in the local SSSD cache. You can export user and group views from the cache to a file to create a backup. For example, when you remove the SSSD cache, you can restore the views later again.
To back up user and group views:
# sss_override user-export /var/lib/sss/backup/sssd_user_overrides.bak
# sss_override group-export /var/lib/sss/backup/sssd_group_overrides.bak
To restore user and group view:
# sss_override user-import /var/lib/sss/backup/sssd_user_overrides.bak
# sss_override group-import /var/lib/sss/backup/sssd_group_overrides.bak
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.